Feng Qian

Researcher from Google Inc.
#19377 of 53,632
13.6 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2009-6697
9.3
1970-01-01
Qt · Libqt4-Sql-Mysql · CVE-2009-1711
**Name of the Vulnerable Software and Affected Versions**

- libqt4-sql-sqlite2 (affected versions not specified)
- libqt4-webkit (affected versions not specified)
- libqt4-designer (affected versions not specified)
- libqt4-opengl (affected versions not specified)
- libqt4-script (affected versions not specified)
- libqt4-assistant (affected versions not specified)
- libqt4-dbus (affected versions not specified)
- libqt4-sql-sqlite (affected versions not specified)
- libqt4-sql-ibase (affected versions not specified)
- libqt4-network (affected versions not specified)
- libqt4-opengl-dev (affected versions not specified)
- libqt4-sql-psql (affected versions not specified)
- libqt4-xmlpatterns (affected versions not specified)
- libqt4-sql (affected versions not specified)
- libqt4-gui (affected versions not specified)
- libqt4-sql-mysql (affected versions not specified)
- qt4-designer (affected versions not specified)
- libqt4-xmlpatterns-dbg (affected versions not specified)
- libqt4-core (affected versions not specified)
- libqt4-dev (affected versions not specified)
- qt4-demos (affected versions not specified)
- qt4-dev-tools (affected versions not specified)
- qt4-doc (affected versions not specified)
- libqt4-xml (affected versions not specified)
- libqt4-dbg (affected versions not specified)
- libqt4-sql-odbc (affected versions not specified)
- libqt4-test (affected versions not specified)
- libqt4-qt3support (affected versions not specified)
- libqt4-webkit-dbg (affected versions not specified)
- libqt4-svg (affected versions not specified)
- qt4-doc-html (affected versions not specified)
- Apple Safari (versions prior to 4.0)

**Description**

The issue affects multiple packages in the Debian GNU/Linux operating system, including libqt4-sql-sqlite2, libqt4-webkit, and others, allowing remote attackers to compromise the confidentiality, integrity, and availability of protected information.

Additionally, WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service. The exploitation of these vulnerabilities can be carried out remotely.

**Recommendations**

As a temporary workaround, consider disabling the vulnerable components until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the affected packages until the issue is resolved. For Apple Safari, update to version 4.0 or later to resolve the issue. At the moment, there is no information about a newer version that contains a fix for the Debian GNU/Linux packages.